Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,248
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,513
Pub
12
RubyGems
997
Rust
1,189
Swift
51
Unreviewed advisories
All unreviewed
5,000+

71 advisories

Loading
Gossipsub PRUNE.backoff Duration Overflow High
CVE-2026-33040 was published for libp2p-gossipsub (Rust) Mar 18, 2026
UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop High
CVE-2026-32875 was published for ujson (pip) Mar 18, 2026
vmfunc Credited to vmfunc and bwoodsend bwoodsend bwoodsend
Yamux vulnerable to remote Panic via malformed WindowUpdate credit High
CVE-2026-31814 was published for yamux (Rust) Mar 13, 2026
ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder High
CVE-2026-25989 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
petermalone Credited to petermalone
ImageMagick has heap-buffer-overflow via signed integer overflow in WriteUHDRImage when writing UHDR images with large dimensions High
CVE-2026-25794 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
go-f3 module vulnerable to integer overflow leading to panic High
CVE-2025-59942 was published for github.com/filecoin-project/go-f3 (Go) Sep 29, 2025
0xNirix Credited to 0xNirix
ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow High
CVE-2025-57803 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
mescuwa Credited to mescuwa
imagemagick: integer overflows in MNG magnification High
CVE-2025-55154 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits High
CVE-2025-52520 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 10, 2025
westonsteimel Credited to westonsteimel
Cosmos SDK's Integer Overflow vulnerability in its Validator Rewards pool can cause a chain halt High
GHSA-p22h-3m2v-cmgh was published for github.com/cosmos/cosmos-sdk (Go) Jul 8, 2025
Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt High
GHSA-869w-47c6-fq8q was published for github.com/babylonlabs-io/babylon (Go) May 15, 2025
Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow High
CVE-2025-32033 was published for apollo-router (Rust) Apr 7, 2025
Nethermind Juno Potential Denial of Service (DoS) via Integer Overflow High
CVE-2025-29072 was published for github.com/NethermindEth/juno (Go) Mar 27, 2025
ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic High
GHSA-7225-m954-23v7 was published for cosmossdk.io/math (Go) Nov 20, 2024
TensorFlow has segfault in array_ops.upper_bound High
CVE-2023-33976 was published for tensorflow (pip) Jul 30, 2024
dmc1778 Credited to dmc1778
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow High
CVE-2024-32655 was published for Npgsql (NuGet) May 9, 2024
paul-gerste-sonarsource Credited to paul-gerste-sonarsource and NinoFloris NinoFloris NinoFloris
pgproto3 SQL Injection via Protocol Message Size Overflow High
GHSA-7jwh-3vrq-q3m8 was published for github.com/jackc/pgproto3 (Go) Mar 4, 2024
paul-gerste-sonarsource Credited to paul-gerste-sonarsource
pgx SQL Injection via Protocol Message Size Overflow High
CVE-2024-27304 was published for github.com/jackc/pgx (Go) Mar 4, 2024
paul-gerste-sonarsource Credited to paul-gerste-sonarsource
Integer overflow in chunking helper causes dispatching to miss elements or panic High
CVE-2024-27101 was published for github.com/authzed/spicedb (Go) Mar 1, 2024
Duplicate Advisory: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption High
GHSA-c2v4-chx5-vff6 was published for commonmarker (RubyGems) Jan 4, 2024 withdrawn
HTTP/2 HPACK integer overflow and buffer allocation High
CVE-2023-36478 was published for org.eclipse.jetty.http2:http2-hpack (Maven) Oct 10, 2023
bismuthsalamander Credited to bismuthsalamander, samalws-tob, kaoudis, smichaels-tob, and joakime samalws-tob samalws-tob
kaoudis kaoudis smichaels-tob smichaels-tob joakime joakime
Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware High
CVE-2022-31005 was published for github.com/vapor/vapor (Swift) Jun 7, 2023
weissi Credited to weissi
swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding High
CVE-2022-24667 was published for github.com/apple/swift-nio-http2 (Swift) May 18, 2023
Vyper vulnerable to integer overflow in loop High
CVE-2023-32058 was published for vyper (pip) May 12, 2023
trocher Credited to trocher
TensorFlow vulnerable to integer overflow in EditDistance High
CVE-2023-25662 was published for tensorflow (pip) Mar 24, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database